I just start learning nodejs below is my code ...
Q1. Do I handle the error message correct way with insertUserPendingBase()??
I check the return message if equal success or not. And if so what is the then can do in this example?
Q2. I use pg when I do execute the query do I need to do anything for prevent SQL injection? I saw in document there's no need, but I'm not sure..
any suggestions can improve my code will be welcome
routes
var express = require('express');
var router = express.Router();
var co = require('co');
// .. post
var insertUserPendingBase = function(token) {
return new Promise(function (fulfill, reject){
var query = "INSERT INTO user_pending_base (user_pending_email,user_pending_password,token_timestamp,token) VALUES ('" + user_email + "','" + user_password + "', CURRENT_TIMESTAMP,'" + token + "')";
dbClient.query(query, function(err, result) {
if (err) {
reject(err);
} else {
fulfill('success');
}
});
});
// .then(function(value) {
// console.log(value);
// throw "error message";
// }).catch(function(e) {
// console.log(e);
// });
}
co(function *() {
// ...
var insertUserPendingBaseResult = yield insertUserPendingBase(generateTokenResult);
console.log('insertUserPendingBaseResult:'+insertUserPendingBaseResult);
if (insertUserPendingBaseResult == 'success') { // handle error like this ??
}
res.render('Account/Register/Index', {
partials: {
Content: 'Account/Register/Content',
}
});
}).catch(onerror);
function onerror(err) {
console.error(err.stack);
}
Update
If I change fulfill(result) instead of fulfill('success') I will get below object but there's no message about fail or success
{ command: 'INSERT',
rowCount: 1,
oid: 0,
rows: [],
fields: [],
_parsers: [],
RowCtor: null,
rowAsArray: false,
_getTypeParser: [Function] }
Update 2
I find a way use try and catch inside co(function *() like below, but I'm not sure is this the best way make a clean code ?
co(function *() {
...
try {
var insertUserPendingBaseResult = yield insertUserPendingBase(generateTokenResult);
// if success ...
} catch (err) {
// if fail
console.log(err);
}
Cannot comment on SQL injection, but fulfill('success') must be fulfill(result).
To handle success and failure of the promise you should use then and catch, no need for generators:
insertUserPendingBase.then(function(result) { /* handle result here */ })
.catch(function(ex) { /* handle exception here */ })
Related
I've copied this example program from Node.js textbook:
var MongoClient = require('mongodb').MongoClient;
var website = {
url: 'http://www.google.com',
visits: 0
};
var findKey = {
url: 'www.google.com'
}
MongoClient.connect('mongodb://127.0.0.1:27017/demo', { useNewUrlParser: true }, function(err, client) {
var db = client.db('demo');
if(err) throw err;
var collection = db.collection('websites');
collection.insert(website, function(err, docs) {
var done = 0;
function onDone(err) {
done++;
if(done < 4) return;
collection.find(findKey).toArray(function(err, results) {
console.log('Visits:', results[0].visits);
//cleanup
collection.drop(function() {
client.close();
});
});
}
var incrementVisits = {
'$inc': {
'visits': 1
}
};
collection.update(findKey, incrementVisits, onDone);
collection.update(findKey, incrementVisits, onDone);
collection.update(findKey, incrementVisits, onDone);
collection.update(findKey, incrementVisits, onDone);
});
});
It throws this error when I run it:
/Users/me/Documents/Beginning NodeJS/node_modules/mongodb/lib/utils.js:132
throw err;
^
TypeError: Cannot read property 'visits' of undefined
at /Users/me/Documents/Beginning NodeJS/update/2update.js:26:43
at result (/Users/me/Documents/Beginning NodeJS/node_modules/mongodb/lib/utils.js:414:17)
at executeCallback (/Users/me/Documents/Beginning NodeJS/node_modules/mongodb/lib/utils.js:406:9)
at handleCallback (/Users/me/Documents/Beginning NodeJS/node_modules/mongodb/lib/utils.js:128:55)
at self.close (/Users/me/Documents/Beginning NodeJS/node_modules/mongodb/lib/cursor.js:905:60)
at handleCallback (/Users/me/Documents/Beginning NodeJS/node_modules/mongodb/lib/utils.js:128:55)
at completeClose (/Users/me/Documents/Beginning NodeJS/node_modules/mongodb/lib/cursor.js:1044:14)
at Cursor.close (/Users/me/Documents/Beginning NodeJS/node_modules/mongodb/lib/cursor.js:1057:10)
at /Users/me/Documents/Beginning NodeJS/node_modules/mongodb/lib/cursor.js:905:21
at handleCallback (/Users/me/Documents/Beginning NodeJS/node_modules/mongodb-core/lib/cursor.js:199:5)
I can't see whats wrong here but the textbook is a few years old and I've already had issues where the code was out of date and wouldn't work so I want to check if that is the case here.
It's a pretty horrible example you are following, but basically there are errors there essentially compounded from http:///www.google.com which is created as the value in the document is different to www.google.com, therefore you don't get a result and it's undefined when trying to read a property from an empty array.
The basic corrections would be to fix that, and actually use findOneAndUpdate() in all cases, since that will atomically return a document.
var MongoClient = require('mongodb').MongoClient;
var website = {
url: 'http://www.google.com',
visits: 0
};
var findKey = {
url: 'http://www.google.com'
}
MongoClient.connect('mongodb://127.0.0.1:27017/demo', { useNewUrlParser: true }, function(err, client) {
var db = client.db('demo');
if(err) throw err;
var collection = db.collection('websites');
collection.findOneAndUpdate(
findKey, website, { upsert: true },function(err, doc) {
var done = 0;
function onDone(err,doc) {
done++;
console.log("Visits: %s", doc.value.visits);
if (done >= 4) {
collection.drop(function(err) {
client.close();
});
}
}
var incrementVisits = {
'$inc': {
'visits': 1
}
};
var options = { returnOriginal: false };
collection.findOneAndUpdate(findKey, incrementVisits, options, onDone);
collection.findOneAndUpdate(findKey, incrementVisits, options, onDone);
collection.findOneAndUpdate(findKey, incrementVisits, options, onDone);
collection.findOneAndUpdate(findKey, incrementVisits, options, onDone);
});
});
Note those "four" calls at the end do not resolve immediately. These simply queue up async functions and there is no guaranteed order to their execution.
But the script will return:
Visits: 1
Visits: 2
Visits: 3
Visits: 4
A much better and "modern" example would instead be:
const { MongoClient } = require("mongodb");
const uri = "mongodb://localhost:27017/";
const options = { useNewUrlParser: true };
const website = {
url: 'http://www.google.com',
visits: 0
};
const findKey = { url: 'http://www.google.com' };
(async function() {
try {
const client = await MongoClient.connect(uri,options);
const db = client.db('demo');
const collection = db.collection('websites');
await collection.insertOne(website);
var times = 4;
while (times--) {
let doc = await collection.findOneAndUpdate(
findKey,
{ $inc: { visits: 1 } },
{ returnOriginal: false },
);
console.log("Visits: %s", doc.value.visits);
}
await collection.drop();
client.close();
} catch(e) {
console.error(e);
} finally {
process.exit();
}
})()
Since we actually await each call executed in the while loop, we guarantee that these are actually executed sequentially. We also await everything, so the code is clean and ordered and we can just hang up the database connection when everything is done, without waiting on callbacks to resolve or other methods.
It seems you Mongo instance returns some kind of error, which makes the results parameter undefined. So, check for errors in the line before (which you should do anyway, but maybe with a more sophisticated error handling):
collection.find(findKey).toArray(function(err, results) {
// this is added
if( err ) {
console.log( err );
return;
}
console.log('Visits:', results[0].visits);
//cleanup
collection.drop(function() {
client.close();
});
});
Instead of
console.log('Visits:', results[0].visits);
Try printing out :
console.log('Visits:', results[0]);
so that from results[0] you can check if there exits a property 'visits'
One of the biggest issue we face now with parse-server is duplication. Although we have implemented a Parse cloud code to prevent such event through beforeSave and afterSave methods at the same time added external middleware to check for existing object before saving still we face duplication over and over specially on concurrent operations.
Here is our code to prevent duplication for a specific class:
Parse.Cloud.beforeSave("Category", function(request, response) {
var newCategory = request.object;
var name = newCategory.get("name");
var query = new Parse.Query("Category");
query.equalTo("name", name);
query.first({
success: function(results) {
if(results) {
if (!request.object.isNew()) { // allow updates
response.success();
} else {
response.error({errorCode:400,errorMsg:"Category already exist"});
}
} else {
response.success();
}
},
error: function(error) {
response.success();
}
});
});
Parse.Cloud.afterSave("Category", function(request) {
var query = new Parse.Query("Category");
query.equalTo("name", request.object.get("name"));
query.ascending("createdAt");
query.find({
success:function(results) {
if (results && results.length > 1) {
for(var i = (results.length - 1); i > 0 ; i--) {
results[i].destroy();
}
}
else {
// No duplicates
}
},
error:function(error) {
}
});
});
This code above is able to prevent some duplicate but most still goes through, example:
What is the "ultimate way" to prevent duplication with Parse server?
You can always create a unique index in mongodb for the field that should be unique in your document.
This way any save that conflicts with that index, will be aborted
Maybe you should write something with Promises like :
Parse.Cloud.beforeSave("Category", function (request, response) {
return new Promise((resolve, reject) => {
var query = new Parse.Query("Category");
query.equalTo("name", "Dummy");
return query.first().then(function (results) {
resolve(); // or reject()
});
})
});
Parse.Cloud.beforeSave("Category", async (request) => {
(...)
await results = query.first();
// then your logic here
response.success();
response.error({ errorCode: 400, errorMsg: "Category already exist" })
})
Here is my Solution:
Parse.Cloud.beforeSave( 'ClassName', async ( request ) => {
const columnName = 'columnName'
const className = 'ClassName'
if( request.object.isNew() ) {
var newCategory = request.object
var name = newCategory.get( columnName )
var query = new Parse.Query( className )
query.equalTo( columnName, name )
const results = await query.count()
if( results === 0 ) {
// no response.success needed
// https://github.com/parse-community/parse-server/blob/alpha/3.0.0.md
} else {
throw 'Is not unique';
}
}
} )
this is my set notification object
var sentNotificationObj = function (notification, eventid, addedorganizerpropic) {
this.notification = notification;
this.eventid = eventid;
this.addedorganizerpropic = addedorganizerpropic;
}
this is my array which is stored notification obect
var notificationSetArray2 = [];
this is my api of getnotification
router.post('/getnotification', function (req, res) {
console.log('in aside');
var id = req.body.userid;
console.log('pos id' + id);
User.findById({ _id: id }, function (err, result) {
if (err) {
console.log('err get notification');
res.statusCode = 500;
res.json({
success: false,
message: "severe error"
});
} else {
this is code fetchin data in data base
for (var i = 0; i < result.notification.length; i++) {
var addedevent = result.notification[i].addedevent;
var notification = result.notification[i].notification;
console.log('added event' + addedevent);
console.log('added noti' + notification);
User.findById({ _id: result.notification[i].addedorganizer }, function (err, addedorganizer) {
if (err) {
console.log('error get added user pofile pic');
} else {
convert image to base64
var base64str = base64_encode(addedorganizer.profileData.profileurl);
console.log(base64str);
console.log(notification);
console.log(addedevent);
var newsentNotificationObj = new sentNotificationObj(notification, addedevent, base64str);
notificationSetArray2.push(newsentNotificationObj);
console.log('succe get added user profile pic');
}
});
}
this is response
res.statusCode = 200;
res.json({
success: true,
notificationArray: notificationSetArray2
})
console.log(notificationSetArray2);
notificationSetArray2.length = 0;
}
});
});
The most simple solution in here to use async library here.
Node runs code in asynchronous way. So it is natural to send response before fetching any data from your database.
By using async you can execute this in a sequence. So it will be solved.
Use async.series method for solve this. For example
async.series(
[
function(callback){
// fetch your data here using mongo with your loop
//
//
callback(); // this will trigger next step (call this after you finished iterating array)
},
function(callback){
// after above code has been executed
// send response here
callback() // call this to proceed
}
],
function(err){
// handle any error in here
}
)
A good example of how to use asyncjs in node
I've never had to do this before. I've created myModule.GetRecord() and I can see the recordset successfully has the expected record.
However, ret in router.get() is undefined.
I believe because I need to catch the returned value in a callback.
I don't know how to define this module/function for a callback (if that is what I am appropriately looking to do) or how to call this function for a callback.
I've tried a few different things i.e. the typical GetRecord(ret, function () { ... }); But didn't see anything that appeared to work. And I read a bunch on the line but didn't find what I believe I'm looking for.
I really don't care to much about how I get there, but all I'm really trying to do is have mm.GetRecord()'s returned value in some usable form in the router.get()
--- myModulefile.js ---
'use strict';
module.exports = {
GetRecord: function (id) {
var sql = require('mssql');
sql.connect({ user: 'sa', ... database: 'name' }, function (err) {
if (err) { console.log(err); return null; }
var cmd = new sql.Request();
cmd.query('select * from Records where id = ' + id, function (err, rs) {
if (err) { console.log(err); return null; }
if (rs.recordset.length > 0) {
console.log('rs[0]', rs.recordset[0]);
return rs.recordset[0];
} else {
return null;
}
});
});
}
};
--- myRouter.js ----
const express = require('express');
const router = express.Router();
const mm = require('../myModule');
router.get('/:id', function (req, res) {
var id = req.params.id;
var ret = mm.GetRecord(id)
console.log('ret', ret);
if (ret == null)
ret = JSON.stringify({ ID: -1, f1: 'unknown' });
res.send(ret);
});
module.exports = router;
Of course I find the answer after having placed the question on here.
GetRecord() has to be defined with a parameter that recieves the callback passed to it. And the callback paramater's variable fn is used in place of return
GetRecord: function (id, fn) {
var sql = require('mssql');
sql.connect({ user: 'sa', ... database: 'name' }, function (err) {
if (err) { console.log(err); fn(null); }
var cmd = new sql.Request();
cmd.query('select * from Records where id = ' + id, function (err, rs) {
if (err) { console.log(err); fn(null); }
if (rs.recordset.length > 0) {
console.log('rs[0]', rs.recordset[0]);
fn(rs.recordset[0]);
} else {
fn(null);
}
});
});
}
and
GetRecord(id, function(ret) {
console.log('ret', ret);
});
I am trying to make an api endpoint for data coming from dynamoDB. I believe that I have everything connected but when I run postman to check the api (api/db) it doesn't recognize the functions from the db.js in the db.js (for routes). I have run a test on api/test and am getting the information back. Here is the code from both files:
1. This scans the database and I'm trying to export it to another file.
var AWS = require('aws-sdk');
var params = {
TableName : "iotbuttonsn",
//KeyConditionExpression: "serialNumber =:serialNumber",
//ExpressionAttributeValues: {
// ":serialNumber":"*"
//},
ScanIndexForward: false,
Limit: 3,
Select: 'ALL_ATTRIBUTES'
};
AWS.config.update({
region: "us-east-1",
endpoint: "https://dynamodb.us-east-1.amazonaws.com"
});
var docClient = new AWS.DynamoDB.DocumentClient();
var getDatabase = (function(){
return {
scanDB: function(){
docClient.scan(params, onScan);
var onScan = function(err, data){
if (err) {
console.log(err.message);
} else {
console.log('scan success');
len = data.Items.length;
for (n=0; n<len; n++) {
clickTypes[n] = data.Items[n].payload.clickType;
serialNums[n] = data.Items[n].serialNumber;
}
}
};
},
clickTypes: [],
serialNums: []
};
})();
module.exports = getDatabase;
2. This is where I'm trying to input but db.scanDB() isn't working:
var router = require('express').Router();
var db = require('../routes/db.js');
router.get('/', function(req, res){
db.scanDB();
buttons =
[
iot_buttonOne = {
serialNum: db.serialNum[0],
clickType: db.clickTypes[0]
},
iot_buttonTwo = {
serialNum: db.serialNum[1],
clickType: db.clickTypes[1]
}
]
.then(
function scanSuccess(data){
res.json(data);
},
function scanError(err){
res.send(500, err.message);
}
);
});
module.exports = router;
Change your db.scan() function to properly return an asynchronous result:
// db.js
module.exports = {
scanDB: function(cb){
docClient.scan(params, function(err, data) {
var clickTypes = [], serialNums = [];
if (err) {
console.log(err.message);
cb(err);
} else {
console.log('scan success');
len = data.Items.length;
for (n=0; n<len; n++) {
clickTypes[n] = data.Items[n].payload.clickType;
serialNums[n] = data.Items[n].serialNumber;
}
cb(null, {clickTypes, serialNums});
}
});
}
};
Then, when you use it:
var db = require('../routes/db.js');
db.scanDB(function(err, data) {
if (!err) {
// data.clickTypes
// data.serialNums
} else {
// process error
}
});
It really does not good to put the scanDB result on the DB object the way you were doing because there was no way for the caller to know when the asynchronous operation was done. So, since you have to provide some notification for the caller when the async operation is done (either via callback or promise), you may as well just pass the results there too.
Also, the .then() handler in your router.get(...) handler does not belong there. I don't know why it's there at all as there are no promises involved in the code you show. Perhaps a cut/paste error when creating the question?
Note, I removed the IIFE from your getDatabase() definition since there was no benefit to it other than a little more complicated code.